# create a new koji builder
# NOTE: should be used with --limit most of the time
# NOTE: make sure there is room/space for this builder on the buildvmhost
# NOTE: most of these vars_path come from group_vars/buildvm or from hostvars

- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=buildvm:buildvm_stg:buildvm_aarch64:buildvm_armv7:buildvm_ppc64le:buildvm_ppc64le_stg:buildvm_aarch64_stg:buildvm_armv7_stg:buildvm_s390x_kvm"

- name: make koji builder(s)
  hosts: buildvm:buildvm_stg:buildvm_aarch64:buildvm_armv7:buildvm_ppc64le:buildvm_ppc64le_stg:buildvm_aarch64_stg:buildvm_armv7_stg:buildvm_s390x:buildvm_s390x_stg
  user: root
  gather_facts: True

  vars_files:
    - /srv/web/infra/ansible/vars/global.yml
    - "/srv/private/ansible/vars.yml"
    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  pre_tasks:
    - include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README
    - import_tasks: "{{ tasks_path }}/yumrepos.yml"

  roles:
    - base
    - hosts
    - {
        role: nfs/client,
        mnt_dir: "/mnt/fedora_koji",
        nfs_src_dir: "{{ koji_hub_nfs }}",
        when: "env == 'staging' or createrepo or 'runroot' in group_names and not inventory_hostname.startswith('buildvm-s390x')",
      }
    - ipa/client
    - { role: sudo, when: not inventory_hostname.startswith('bkernel') and env == 'production' }
    - koji_builder
    - role: nfs/client
      mnt_dir: '/mnt/koji/ostree'
      nfs_src_dir: 'fedora_ostree_content/ostree'
      when: env != 'staging' and 'runroot' in group_names and not inventory_hostname.startswith('buildvm-s390x')

    - role: nfs/client
      mnt_dir: '/mnt/koji/compose/ostree'
      nfs_src_dir: 'fedora_ostree_content/compose/ostree'
      when: env != 'staging' and 'runroot' in group_names and not inventory_hostname.startswith('buildvm-s390x')

    - role: nfs/client
      mnt_dir: '/mnt/koji/ostree'
      nfs_src_dir: 'fedora_ostree_content_stg/ostree'
      when: env == 'staging' and 'runroot' in group_names and not inventory_hostname.startswith('buildvm-s390x')

    - role: nfs/client
      mnt_dir: '/srv/odcs'
      nfs_src_dir: 'fedora_odcs'
      when: env != 'staging' and 'runroot' in group_names and not inventory_hostname.startswith('buildvm-s390x')

    - role: nfs/client
      mnt_dir: '/srv/odcs'
      nfs_src_dir: 'fedora_odcs_stg'
      when: env == 'staging' and 'runroot' in group_names and not inventory_hostname.startswith('buildvm-s390x')

    - role: nfs/client
      mnt_dir: '/mnt/koji/compose/ostree'
      nfs_src_dir: 'fedora_ostree_content_stg/compose/ostree'
      when: env == 'staging' and 'runroot' in group_names and not inventory_hostname.startswith('buildvm-s390x')

    - role: keytab/service
      kt_location: /etc/kojid/kojid.keytab
      service: compile
    - role: keytab/service
      owner_user: root
      owner_group: root
      service: osbs
      host: "osbs.fedoraproject.org"
      when: env == "production"
    - role: keytab/service
      owner_user: root
      owner_group: root
      service: osbs
      host: "osbs.stg.fedoraproject.org"
      when: env == "staging"
    - role: keytab/service
      owner_user: root
      owner_group: root
      service: innercompose
      host: "odcs{{ env_suffix }}.fedoraproject.org"
      kt_location: /etc/kojid/secrets/odcs_inner.keytab
      when: env == "staging"

  tasks:
    - import_tasks: "{{ tasks_path }}/motd.yml"
      when: not inventory_hostname.startswith('bkernel') and env == 'production'

#    - name: make sure kojid is running
#      service: name=kojid state=started enabled=yes

  handlers:
    - import_tasks: "{{ handlers_path }}/restart_services.yml"

- name: configure osbs on koji builders
  hosts: buildvm:buildvm_stg
  tags:
    - osbs
  user: root
  gather_facts: True

  vars_files:
    - /srv/web/infra/ansible/vars/global.yml
    - "/srv/private/ansible/vars.yml"
    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  pre_tasks:
    - import_tasks: "{{ tasks_path }}/osbs_certs.yml"
    - import_tasks: "{{ tasks_path }}/osbs_koji_token.yml"

  roles:
    - {
        role: osbs-client,
        when: env == 'staging' and ansible_architecture == 'x86_64',
        general:
          {
            verbose: 0,
            build_json_dir: "/usr/share/osbs/",
            openshift_required_version: 1.1.0,
          },
        default:
          {
            username: "{{ osbs_koji_stg_username }}",
            password: "{{ osbs_koji_stg_password }}",
            koji_use_kerberos: True,
            koji_kerberos_keytab: "FILE:/etc/krb5.osbs_{{osbs_url}}.keytab",
            koji_kerberos_principal: "osbs/{{osbs_url}}@{{ipa_realm}}",
            openshift_url: "https://{{ osbs_url }}/",
            build_host: "{{ osbs_url }}",
            koji_root: "http://{{ koji_root }}",
            koji_hub: "https://koji.stg.fedoraproject.org/kojihub",
            sources_command: "fedpkg sources",
            build_type: "prod",
            verify_ssl: true,
            use_auth: true,
            builder_use_auth: true,
            registry_api_versions: "v2",
            builder_openshift_url: "https://{{osbs_url}}",
            client_config_secret: "client-config-secret",
            reactor_config_secret: "reactor-config-secret",
            token_secrets: "x86-64-osbs:/var/run/secrets/atomic-reactor/x86-64-orchestrator",
            token_file: "/etc/osbs/x86-64-osbs-koji",
            namespace: "osbs-fedora",
            can_orchestrate: true,
            builder_odcs_url: "https://odcs{{ env_suffix }}.fedoraproject.org",
            builder_odcs_openidc_secret: "odcs-oidc-secret",
            builder_pdc_url: "https://pdc.stg.fedoraproject.org/api/1",
            reactor_config_map: "reactor-config-map",
            reactor_config_map_scratch: "reactor-config-map-scratch",
            build_from: "image:buildroot:latest",
          },
      }
    - {
        role: osbs-client,
        when: env == 'production' and ansible_architecture == 'x86_64',
        general:
          {
            verbose: 0,
            build_json_dir: "/usr/share/osbs/",
            openshift_required_version: 1.1.0,
          },
        default:
          {
            username: "{{ osbs_koji_prod_username }}",
            password: "{{ osbs_koji_prod_password }}",
            koji_use_kerberos: True,
            koji_kerberos_keytab: "FILE:/etc/krb5.osbs_{{osbs_url}}.keytab",
            koji_kerberos_principal: "osbs/{{osbs_url}}@{{ipa_realm}}",
            openshift_url: "https://{{ osbs_url }}/",
            build_host: "{{ osbs_url }}",
            koji_root: "http://{{ koji_root }}",
            koji_hub: "https://koji.fedoraproject.org/kojihub",
            sources_command: "fedpkg sources",
            build_type: "prod",
            verify_ssl: true,
            use_auth: true,
            builder_use_auth: true,
            registry_api_versions: "v2",
            builder_openshift_url: "https://{{osbs_url}}",
            token_secrets: "x86-64-osbs:/var/run/secrets/atomic-reactor/x86-64-orchestrator",
            token_file: "/etc/osbs/x86-64-osbs-koji",
            namespace: "osbs-fedora",
            can_orchestrate: true,
            builder_odcs_url: "https://odcs{{ env_suffix }}.fedoraproject.org",
            builder_odcs_openidc_secret: "odcs-oidc-secret",
            builder_pdc_url: "https://pdc.fedoraproject.org/api/1",
            reactor_config_map: "reactor-config-map",
            reactor_config_map_scratch: "reactor-config-map-scratch",
            build_from: "image:buildroot:latest",
          },
      }
  handlers:
    - import_tasks: "{{ handlers_path }}/restart_services.yml"

- name: configure varnish cache
  hosts: buildvm-s390x-24.s390.fedoraproject.org:buildvm-s390x-01.stg.s390.fedoraproject.org:buildvm-s390x-07.s390.fedoraproject.org
  tags:
    - varnish
  user: root
  gather_facts: True

  vars_files:
    - /srv/web/infra/ansible/vars/global.yml
    - "/srv/private/ansible/vars.yml"
    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  roles:
    - varnish

  handlers:
    - import_tasks: "{{ handlers_path }}/restart_services.yml"

- name: configure sshfs on buildvm-s390x
  hosts: buildvm-s390x-01.stg.s390.fedoraproject.org:buildvm-s390x-15.s390.fedoraproject.org:buildvm-s390x-16.s390.fedoraproject.org:buildvm-s390x-17.s390.fedoraproject.org
  tags:
    - sshfs
  user: root
  gather_facts: True

  vars_files:
    - /srv/web/infra/ansible/vars/global.yml
    - "/srv/private/ansible/vars.yml"
    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  tasks:
    - name: Put sshfs key in place
      copy:
        src="{{ private }}/files/releng/sshkeys/primary-s390x-sshfs{{ '-staging' if env == 'staging' else '' }}"
        dest="/etc/primary-s390x-sshfs"
        owner=root group=root mode=0600
      tags:
        - sshfs

    - name: Install sshfs
      package: name=sshfs
        state=present
      tags:
        - sshfs

    - name: Add /mnt/fedora_koji sshfs
      mount: path="/mnt/fedora_koji"
        state=present
        fstype=fuse.sshfs
        src="root@koji01{{ env_suffix }}.iad2.fedoraproject.org:/mnt/fedora_koji"
        opts="noauto,_netdev,ServerAliveInterval=20,IdentityFile=/etc/primary-s390x-sshfs"
      tags:
        - sshfs

    - name: Add /srv/odcs sshfs
      mount: path="/srv/odcs"
        state=present
        fstype=fuse.sshfs
        src="root@koji01{{ env_suffix }}.iad2.fedoraproject.org:/srv/odcs"
        opts="noauto,_netdev,ServerAliveInterval=20,IdentityFile=/etc/primary-s390x-sshfs"
      tags:
        - sshfs

  handlers:
    - import_tasks: "{{ handlers_path }}/restart_services.yml"
